Penetration Testing mailing list archives

Re: Pentest Letter of Achievement/Certificate


From: Mike Klingler <mike () securitymetrics com>
Date: Thu, 14 Jul 2005 20:09:27 -0600

Paul Fields wrote:
> Payment Card Industry data security standards specifically ask for
> quarterly vulnerability scans and annual pen testing.
>
> Gramm-Leach-Bliley Act also asks for periodic testing of systems.
>
> Now that they ask for it, how do you prove what you've done?

Well, they do have a list of companies that can do the VA scanning that
they accept. Anyone can try to get on the list to do scanning for it.


> One of the reasons we use repeatable methodologies in audits is the
> assumption that someone else using the same knowledge, tools, and
> techniques could easily come up with the same results.


They evaluate the different companies scanning with a baseline set of
systems that have weaknesses on them. If you do well enough for them,
you get accepted.

Michael Klingler
